[PATCH v2 10/20] x86: avoid W^X being broken during modules loading
Nadav Amit
nadav.amit at gmail.com
Mon Feb 11 19:09:25 UTC 2019
> On Feb 11, 2019, at 11:01 AM, Borislav Petkov <bp at alien8.de> wrote:
>
> On Mon, Feb 11, 2019 at 10:45:26AM -0800, Nadav Amit wrote:
>> Are you sure about that? This path is still used when modules are loaded.
>
> Yes, I'm sure. Loading a module does a gazillion things so saving a
> couple of insns - yes, boot_cpu_has() is usually a RIP-relative MOV and a
> TEST - doesn't show even as a blip on any radar.
I fully agree, if that is the standard.
It is just that I find the use of static_cpu_has()/boot_cpu_has() to be very
inconsistent. I doubt that show_cpuinfo_misc(), copy_fpstate_to_sigframe(),
or i915_memcpy_init_early() that use static_cpu_has() are any hotter than
text_poke_early().
Anyhow, I’ll use boot_cpu_has() as you said.
More information about the Linux-security-module-archive
mailing list